Subject: Re: [PATCH 0/4] dm verity: add support for error correction
To: Sami Tolvanen
Cc: device-mapper development, Mikulas Patocka, Mandeep Baines, Will Drewry, Kees Cook, Mike Snitzer, linux-kernel@vger.kernel.org, Alasdair Kergon, Mark Salyzyn
From: Milan Broz
Date: Thu, 5 Nov 2015 08:34:04 +0100
Message-ID: <563B066C.6050202@redhat.com>
In-Reply-To: <1446688954-29589-1-git-send-email-samitolvanen@google.com>

On 11/05/2015 03:02 AM, Sami Tolvanen wrote:
> This patch set adds error correction support to dm-verity, which
> makes it possible to recover from data corruption in exchange for
> increased space overhead.
>
> The feature is implemented as part of dm-verity to take advantage
> of the existing hash tree to improve performance and locate known
> erasures.

Hi,

could you please elaborate why all this is needed? To extend support of some
faulty flash chips?

Do you have some statistics that there are really such correctable errors in
real devices?

Anyway, I really do not understand layer separation here. Either we have
cryptographically strong data integrity checking or we have error-correction.
Are we sure this combination does not create some unintended gap in integrity
checking? Why should the integrity check even try to do some error correction
if there is an intentional integrity attack?

IMO if you need error correction, this should be placed as a separate layer
below the crypto integrity check, the same as RAID operates.

The second question - why are you writing another separate tool for
maintenance for dm-verity when there is veritysetup?

Milan
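The layering question raised in this message, as an added sketch that is not code from the patch set, dm-verity or either correspondent. It assumes a flat list of trusted SHA-256 hashes in place of the hash tree, a single XOR parity block in place of a real error-correcting code, and a design in which corrected data is re-checked against the trusted hash; `read_block`, `demo` and the sample data are hypothetical.

```python
import hashlib
from functools import reduce

BLOCK = 16  # constructed toy block size, far smaller than a real device block

def digest(block: bytes) -> bytes:
    return hashlib.sha256(block).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def read_block(i, blocks, parity, trusted):
    """Return block i only if it, or its reconstruction, matches trusted[i]."""
    if digest(blocks[i]) == trusted[i]:
        return blocks[i], "ok"
    # Hash mismatch: position i is a known erasure. Rebuild it from the
    # untrusted parity block and the remaining data blocks.
    others = [b for j, b in enumerate(blocks) if j != i]
    candidate = reduce(xor, others, parity)
    # Assumed design: corrected data passes the same hash check as any read,
    # so the parity data never decides what counts as valid.
    if digest(candidate) != trusted[i]:
        raise OSError(f"block {i}: corrupt and not correctable")
    return candidate, "corrected"

# Constructed sample data: four blocks, their trusted hashes, one parity block.
GOOD = [bytes([65 + n]) * BLOCK for n in range(4)]
TRUSTED = [digest(b) for b in GOOD]
PARITY = reduce(xor, GOOD)

def demo():
    # Case 1: a single flipped bit in block 2 (media fault) is repaired.
    worn = list(GOOD)
    worn[2] = xor(GOOD[2], b"\x01" + bytes(BLOCK - 1))
    repaired = read_block(2, worn, PARITY, TRUSTED)
    # Case 2: block 2 is replaced and the parity is rewritten to agree with
    # the replacement; reconstruction yields the replacement, the hash fails.
    swapped = b"E" * BLOCK
    forged = list(GOOD)
    forged[2] = swapped
    forged_parity = xor(xor(PARITY, GOOD[2]), swapped)
    try:
        read_block(2, forged, forged_parity, TRUSTED)
        verdict = "accepted"
    except OSError:
        verdict = "rejected"
    return repaired, verdict

if __name__ == "__main__":
    print(demo())
```

Under these assumptions the correction step can only restore data the hash already vouches for; a design that returned the reconstructed block without the second hash check would open the gap the message asks about.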